Reddit hacked: database with passwords and emails from 2005-2007 leaked

    Reddit, one of the largest social hubs on the Internet, announced on Wednesday that attackers had broken into its network.

    The attackers gained access to various data: a database with the email addresses and hashed passwords of users registered from 2005 to 2007, user emails, source code, internal files, and “all Reddit data since 2007”. The incident reportedly took place between June 14 and 18, 2018, and the intrusion was discovered on June 19. The attackers compromised an undisclosed number of Reddit employees and infiltrated “several systems”, gaining access to the data.


    Reddit representatives officially acknowledged the breach and outlined what happened in the company blog:
    On June 19, we learned that a hacker had compromised several Reddit accounts with access to the cloud and source code, intercepting two-factor authentication verification codes that came via SMS.
    We are cooperating with law enforcement agencies, doing what is necessary to eliminate the consequences of the current situation, and also trying to do everything to avoid similar incidents in the future. Only a small number of users were affected, whom we have already managed to notify.


    In particular, the attackers reached a database backup dated May 2007. Reddit was founded and launched in 2005, so this backup contained all of the site's information from its first two years of operation, including all of its content and user messages (including private ones), as well as the hashed passwords and the hash salts that were current when the backup was created.

    Company representatives state that the attackers did not have write access to the compromised servers and therefore could not modify any important data. Nevertheless, the developers still strengthened security (in particular, changed the API keys) and monitoring.

    The same attackers also managed to reach more recent email digests, sent between June 3 and June 17, 2018. These collections of recommended posts for the site's readers contain usernames and the associated email addresses.

    SMS-based two-factor authentication failure


    Reddit uses plain SMS-based two-factor authentication to protect its employee accounts by requiring the input of a one-time access code along with a username and password.

    However, according to Reddit, it was exactly these text messages that the attackers intercepted.

    Keith Graham, chief technical officer of SecureAuth + Core Security, commented on the situation for the Guardian: “Although SMS-based authentication is popular and much more secure than just a password, it is widely known that it is quite vulnerable to intruders who, using its gaps, have already hacked many celebrities.”

    Graham explained that cybercriminals are able to gain access to the phone number to which the two-factor SMS code is sent: "For example, a cybercriminal can simply provide the victim’s mobile carrier representative with the last 4 digits of the social security number and possibly a credit card in order to transfer the mobile phone number."

    “This is information that is widely available on Darknet due to previous database leaks, such as Equifax.”

    Consequences


    It raises questions that the security incident was discovered on June 19, 2018, but was publicly reported only on August 1, 2018, i.e. more than a month later. Another interesting point: in the comments on the news about the incident, the site's administrators said that "they hired their very first security chief, and he started work only 2.5 months ago."

    At the moment, the compromised user accounts are still valid, but emails have been sent to their owners with instructions for changing the password.

    In addition, Reddit administrators have introduced stronger two-factor authentication for access to confidential data. Reddit users are advised to reset their password, choose a strong and unique one, and set up login confirmation using a code generated by an application rather than one sent via SMS.
